Cost Management¶

Noxaudit is designed to be cheap enough to run frequently. This guide covers estimation, budget controls, cost tracking, and optimization strategies.

Estimating Cost¶

Before running an audit, estimate the cost locally — no API key needed:

noxaudit estimate --focus security

  my-app — security

  Files:     42 files, 87K tokens
  Provider:  openai (gpt-5-mini)

  Cost estimate: ~$0.03 per run
    Batch API 50% discount applied.

  Alternatives:
    openai (gpt-5-nano)                      ~$0.01   67% cheaper
    gemini (gemini-2.5-flash)                ~$0.03   similar cost
    anthropic (claude-sonnet-4-6)            ~$0.14   more expensive — deeper analysis

  Running daily: ~$0.90/month
  Running daily with gpt-5-nano: ~$0.30/month

The estimate includes:

• File and token counts
• Cost per run with your current model (including batch discounts)
• Cheaper alternatives with savings percentages
• Monthly cost projections based on different run frequencies
• Pre-pass potential for large codebases

Budget Controls¶

Set maximum cost per run and alert thresholds:

budget:
  max_per_run_usd: 2.00
  alert_threshold_usd: 1.50

Cost Tracking¶

The status command shows cost history for the last 30 days:

noxaudit status

Cost (last 30 days):
  Audits run:          12
  Total input tokens:  1.2M
  Total output tokens: 96K
  Cache read tokens:   800K
  Cache write tokens:  400K
  Cache savings:       40.0% served from cache
  Estimated spend:     $0.36
  Avg per audit:       $0.03
  Projected monthly:   ~$0.90

  Last 5 audits:
    Feb 27  security           gpt-5-mini            42 files    95K tok  $0.03
    Feb 26  patterns,hygiene   gpt-5-mini            67 files   142K tok  $0.04
    ...

Cost tracking uses retroactive repricing — stored token counts are recalculated with current pricing, so costs remain accurate even when pricing changes.

Optimization Strategies¶

1. Use gpt-5-mini for Frequent Audits¶

Our benchmark showed gpt-5-mini ($0.03/run) hits 5/6 cross-model consensus issues with minimal noise — excellent value for frequent runs:

repos:
  - name: my-app
    provider_rotation: [openai]
model: gpt-5-mini

Reserve deeper models for periodic deep dives:

noxaudit run --focus all --provider anthropic --model claude-opus-4-6

2. Group Focus Areas¶

Running multiple focus areas together deduplicates source files, saving ~80% on input tokens:

noxaudit run --focus security,dependencies      # 1 API call
noxaudit run --focus patterns,hygiene,docs       # 1 API call
noxaudit run --focus performance,testing         # 1 API call

3. Use Batch API¶

All three providers support batch API with a 50% discount. Use the submit/retrieve workflow:

noxaudit submit --focus security
# ... wait ...
noxaudit retrieve

The GitHub Actions workflow uses this pattern automatically.

4. Exclude Irrelevant Directories¶

Reduce file count by excluding generated code, vendor directories, and other noise:

repos:
  - name: my-app
    path: .
    exclude:
      - vendor
      - node_modules
      - generated
      - dist
      - build
      - .git

5. Pre-pass Triage¶

For large codebases that exceed Anthropic's 200K token tier threshold, the pre-pass uses a cheap model (Gemini Flash) to classify files before the main audit:

prepass:
  enabled: true
  threshold_tokens: 600000

The pre-pass classifies each file as:

This typically reduces token count by ~50%, keeping the main audit under the tiered pricing threshold.

When auto: true (default), the pre-pass activates automatically when token count exceeds threshold_tokens.

The estimate command shows pre-pass savings when applicable:

  Pre-pass estimate:
    Gemini Flash triage: ~$0.02
    Expected reduction: 450K → ~200K tokens (high: 12 files, medium: 25, low/skip: 45)
    With pre-pass, claude-sonnet-4-6 stays in standard pricing tier ($3.00/M vs $6.00/M)

Cost Comparison¶

Estimated cost per audit for a medium-sized codebase (~100 files, ~100K tokens), with batch API discount: